in scripts/lua/oauth/app-id.lua [42:87]
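--- Validate an App ID access token (a JWS) for the tenant in `securityObj`.
-- Order of operations: look the token up in the data store; on a miss fetch
-- the tenant's JWK set, verify the signature, check `exp`, inject the request
-- headers and cache the decoded claims until the token expires.
-- NOTE(review): only the signature and `exp` are checked in this function.
-- Issuer/audience/tenant claim checks are not visible here; confirm they are
-- enforced elsewhere if the deployment relies on them.
-- @param dataStore object exposing getOAuthToken / saveOAuthToken
-- @param token raw token string presented by the client
-- @param securityObj table carrying `tenantId`
-- @return the decoded claims table, or nil after request.err has been called
function _M.process(dataStore, token, securityObj)
  local cache_key = 'appid_' .. securityObj.tenantId
  local result = dataStore:getOAuthToken(cache_key, token)
  local token_obj
  if result ~= ngx.null then
    -- Cache hit: this function only stores claims after signature and
    -- expiry checks passed, and the entry is saved with a TTL tied to `exp`.
    token_obj = cjson.decode(result)
    inject_req_headers(token_obj)
    return token_obj
  end

  local res, err = fetchJWKs(securityObj.tenantId)
  if err ~= nil or not res or res.status ~= 200 then
    -- `..` binds tighter than `or`, so the original `msg .. err or res.body`
    -- raised on a nil `err` instead of falling back to the response body.
    -- NOTE(review): this echoes upstream error detail to the caller; consider
    -- logging it and returning a generic message instead.
    local detail = tostring(err or (res and res.body) or 'unknown error')
    request.err(500, 'An error occurred while fetching the App ID JWK configuration: ' .. detail)
    return nil
  end

  -- A malformed or unexpected JWKS body must fail closed with a clean 500
  -- rather than an uncaught decode/ipairs error.
  local decoded_ok, jwks = pcall(cjson.decode, res.body)
  if not decoded_ok or type(jwks) ~= 'table' or type(jwks.keys) ~= 'table' then
    request.err(500, 'An error occurred while fetching the App ID JWK configuration: malformed JWK set')
    return nil
  end

  -- Try every published key. The original kept only the last entry of the
  -- set, so a token signed with any other valid key (e.g. during key
  -- rotation) was rejected, and an empty set passed a nil key to the verifier.
  local verified = false
  for _, jwk in ipairs(jwks.keys) do
    if cjose.validateJWS(token, cjson.encode(jwk)) then
      verified = true
      break
    end
  end
  if not verified then
    request.err(401, 'The token signature did not match any known JWK.')
    return nil
  end

  token_obj = cjson.decode(cjose.getJWSInfo(token))
  local expireTime = type(token_obj) == 'table' and token_obj['exp'] or nil
  if type(expireTime) ~= 'number' then
    -- A token without a numeric `exp` cannot be bounded in time; reject it
    -- instead of raising on the comparison below.
    request.err(401, 'The access token does not contain a valid expiration time.')
    return nil
  end

  -- Read the clock once so the expiry check and the cache TTL agree.
  local now = os.time()
  if expireTime < now then
    request.err(401, 'The access token has expired.')
    return nil
  end

  inject_req_headers(token_obj)

  local ttl = expireTime - now
  if ttl > 0 then
    -- Skip caching when the token expires this very second: a zero TTL may
    -- be treated as "no expiry" or as an error by the store; confirm against
    -- saveOAuthToken's implementation.
    local encodedToken = cjson.encode(token_obj)
    dataStore:saveOAuthToken(cache_key, token, encodedToken, ttl)
  end
  return token_obj
end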